2 Answers
2

I would think that this warning is harmless (assuming you have not been hacked or you haven't installed any suspicious packages), it seems that rkhunter thinks that scripts in /sbin are suspicious behaviour.

In fact, checked on a clean Ubuntu install I have here and chkconfig is indeed a script.

You meant chkconfig is indeed a script as opposed to a binary, right? Just trying to understand here. What is the difference?
–
NandaOct 24 '12 at 14:08

Exactly; type file /sbin/chkconfig and see for yourself. The main difference is that a script is (generally) written in an interpreted language (bash, perl etc...) and a binary is the result of compiling a program (e.g. written in C); from an end-user (not a developer) point of view, there isn't much difference.
–
RenanOct 24 '12 at 14:37

1

Since /sbin is supposed to have binaries in it, rkhunter threw a warning since it encountered a script rather than an executable. It makes sense.
–
NandaOct 24 '12 at 14:40